Synchronizing a translation lookaside buffer with an extended paging table

ABSTRACT

A processor including logic to execute an instruction to synchronize a mapping from a physical address of a guest of a virtualization based system (guest physical address) to a physical address of the host of the virtualization based system (host physical address), and stored in a translation lookaside buffer (TLB), with a corresponding mapping stored in an extended paging table (EPT) of the virtualization based system.

RELATED APPLICATIONS

This is a Continuation of U.S. patent application Ser. No. 14/517,849,filed Oct. 18, 2014, now pending, which is a Continuation of U.S. patentapplication Ser. No. 14/070,561, filed Nov. 3, 2013, now U.S. Pat. No.8,949,571, which is a Continuation of U.S. patent application Ser. No.13/658,752, filed Oct. 23, 2012, now U.S. Pat. No. 8,601,233, which is aContinuation of U.S. patent application Ser. No. 13/348,608, filed Jan.11, 2012, now U.S. Pat. No. 8,296,546, which is a Continuation of U.S.patent application Ser. No. 12/495,555, filed Jun. 30, 2009, now U.S.Pat. No. 8,099,581, which is a Continuation of U.S. patent applicationSer. No. 11/504,964, filed Aug. 15, 2006, now U.S. Pat. No. 7,555,628,which is related to U.S. patent application Ser. No. 11/036,736, nowU.S. Pat. No. 7,886,126.

BACKGROUND OF THE INVENTION

Virtualization enables a single host machine with hardware and softwaresupport for virtualization to present an abstraction of the host, suchthat the underlying hardware of the host machine appears as one or moreindependently operating virtual machines. Each virtual machine maytherefore function as a self-contained platform. Often, virtualizationtechnology is used to allow multiple guest operating systems and/orother guest software to coexist and execute apparently simultaneouslyand apparently independently on multiple virtual machines while actuallyphysically executing on the same hardware platform. A virtual machinemay mimic the hardware of the host machine or alternatively present adifferent hardware abstraction altogether.

Virtualization systems may include a virtual machine monitor (VMM) whichcontrols the host machine. The VMM provides guest software operating ina virtual machine with a set of resources (e.g., processors, memory, IOdevices). The VMM may map some or all of the components of a physicalhost machine into the virtual machine, and may create fully virtualcomponents, emulated in software in the VMM, which are included in thevirtual machine (e.g., virtual IO devices). The VMM may thus be said toprovide a “virtual bare machine” interface to guest software. The VMMuses facilities in a hardware virtualization architecture to provideservices to a virtual machine and to provide protection from and betweenmultiple virtual machines executing on the host machine. As guestsoftware executes in a virtual machine, certain instructions executed bythe guest software (e.g., instructions accessing peripheral devices)would normally directly access hardware, were the guest softwareexecuting directly on a hardware platform. In a virtualization systemsupported by a VMM, these instructions may cause a transition to theVMM, referred to herein as a virtual machine exit. The VMM handles theseinstructions in software in a manner suitable for the host machinehardware and host machine peripheral devices consistent with the virtualmachines on which the guest software is executing. Similarly, certaininterrupts and exceptions generated in the host machine may need to beintercepted and managed by the VMM or adapted for the guest software bythe VMM before being passed on to the guest software for servicing. TheVMM then transitions control to the guest software and the virtualmachine resumes operation. The transition from the VMM to the guestsoftware is referred to herein as a virtual machine entry.

As is known in the art, a page table is often used to provide a mappingfrom linear memory to physical memory in a typical processor basedsystem. Page tables are generally memory-resident structures andtherefore accessing a page table to determine a physical addresscorresponding to a linear address causes a memory access, which maydelay processing time. In order to alleviate this concern, manyprocessor implementations include a high speed memory or bank ofregisters within the processor termed a translation lookaside buffer(TLB) in which some subset of the current linear to physical memorymappings that are in use is cached, based on the values in the pagetable. This allows a processor to more rapidly access a translation of alinear address to the corresponding physical address than would bepossible in general if the processor had to access the page table.Processor implementations generally provide instructions to manage theTLB, including an instruction to invalidate or update all the entries inthe TLB based on current translations as stored in the page tab.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and notlimitation in the figures of the accompanying drawings.

FIG. 1 depicts the relationship between process and physical memory.

FIG. 2 depicts abstractly the relationship between virtual machines anda host machine in one embodiment.

FIG. 3 depicts a high level structure of a virtual machine environmentin one embodiment.

FIG. 3 a represents a processor in one embodiment at a functional level

FIG. 4 depicts address computation using extended paging tables in oneembodiment.

FIG. 5 depicts the flow of instruction execution in one embodiment.

DETAILED DESCRIPTION

FIG. 1 shows a process executing on a processor-based system whichincorporates a processor and a memory communicatively coupled to theprocessor by a bus. With reference to FIG. 1, when a process 105references a memory location 110 in its linear address space 115 (linearmemory space), a reference to an actual address 140 in the physicalmemory 145 of the machine 125 (machine physical memory) is generated bymemory management 130, which may be implemented in hardware (sometimesincorporated into the processor 120) and software (generally in theoperating system of the machine). Memory management 130, among otherfunctions maps a location in the linear address space to a location inphysical memory of the machine. As shown in FIG. 1, a process may have adifferent view of memory from the actual memory available in thephysical machine. In the example depicted in FIG. 1, the processoperates in a linear address space from 0 to 1 MB which is actuallymapped by the memory management hardware and software into a portion ofthe physical memory which itself has an address space from 10 to 11 MB;to compute a physical address from a process space address, an offset135 may be added to the linear address. More complex mappings fromlinear address space to physical memory are possible, for example, thephysical memory corresponding to linear memory may be divided into partssuch as pages and be interleaved with pages from other processes inphysical memory.

Memory is customarily divided into pages, each page containing a knownamount of data, varying across implementations, e.g. a page may contain4096 bytes of memory, 1 MB of memory, or any other amount of memory asmay be desired for a particular application. As memory locations arereferenced by the executing process, they are translated into pagereferences. In a typical machine, memory management maps a reference toa page in linear memory to a page in machine physical memory. Ingeneral, memory management may use a page table to specify the physicalpage location corresponding to a process space page location.

One aspect of managing guest software in a virtual machine environmentis the management of memory. Handling memory management actions taken bythe guest software executing in a virtual machine creates complexity fora controlling system such as a virtual machine monitor. Consider forexample a system in which two virtual machines execute viavirtualization on a host machine implemented on an x86 platform whichmay include page tables implemented as part of the x86 processor.Further, assume that each virtual machine itself presents an abstractionof an x86 machine to the guest software executing thereon. Guestsoftware executing on each virtual machine may make references to aguest linear memory address, which in turn is translated by the guestmachine's memory management system to a guest-physical memory address.However, guest-physical memory itself may be implemented by a furthermapping in host-physical memory through a VMM and the virtualizationsubsystem in hardware on the host processor. Thus, references to guestmemory by guest processes or the guest operating system, including forexample references to guest x86 page table control registers, must thenbe intercepted by the VMM because they cannot be directly passed on tothe host machine's page table without further reprocessing, as theguest-physical memory does not, in fact, correspond directly tohost-physical memory but is rather further remapped through thevirtualization system of the host machine.

FIG. 2: FIG. 2 depicts the relationship between one or more virtualmachines executing on a host machine with specific regard to the mappingof guest memory in one embodiment. FIG. 2 illustrates how guest-physicalmemory is remapped through the virtualization system of the hostmachine. Each virtual machine such as virtual machine A, 242, andvirtual machine B, 257, presents a virtual processor 245 and 255respectively to guest software running on the virtual machines. Eachmachine provides an abstraction of physical memory to the guestoperating system or other guest software, guest-physical memories 240and 250, respectively. As guest software executes on the virtualmachines 242 and 257, it is actually executed by the host machine 267 onhost processor 265 utilizing host-physical memory 260.

As shown in FIG. 2, in this embodiment, guest-physical memory 240 whichis presented as a physical memory space starting at address 0 in virtualmachine A, 242, is mapped to some contiguous region 270 in host-physicalmemory 260. Similarly, guest-physical memory 250 in virtual machine B,257, is mapped to a different portion 275 of host-physical memory 260.As shown in FIG. 2, the host machine might have 1024 MB of host-physicalmemory. If each virtual machine 242 and 257 is assigned 256 MB ofmemory, one possible mapping might be that virtual machine A, 242, isassigned the range 128-384 MB and virtual machine B, 257, is assignedthe range 512-768 MB. Both virtual machines 242 and 257 reference aguest-physical address space of 0-256 MB. Only the VMM is aware thateach virtual machine's address space maps to different portions of thehost-physical address space.

The virtual machines and memory mapping shown in FIG. 2 are only onerepresentation of one embodiment, in other embodiments, the actualnumber of virtual machines executing on a host machine may vary from oneto many; the actual memory sizes of the host machine and the virtualmachines may vary and be variable from virtual machine to virtualmachine. The example depicts a simple, contiguous allocation of memoryto virtual machines. In a more general case, the physical-memory pagesallocated to a virtual machine may not be contiguous and might bedistributed in the host-physical memory interleaved with each other andwith pages belonging to the VMM and to other host processes.

A processor-based system that is presented as a virtual machine in asystem such as that depicted in FIG. 2 may implement a virtual machinein all its complexity. Thus for example, a virtual machine may present afull view of guest-physical memory to the guest OS, and perform memorymanagement for guest software executing on the virtual machine, usingmemory management provided by the guest OS and the virtual processor orother virtual hardware of the virtual machine. In one exemplaryembodiment, the virtual machine may present an x86 platform includingx86 hardware support such as page tables for memory management to theguest OS, and in turn be actually executing on a host platform which isalso an x86 platform including x86 hardware for memory management.Without additional mechanisms, a virtualization system in thisembodiment must implement a physical-memory virtualization algorithm inthe VMM using, as one possible solution, x86 page table shadowing toremap, partition and protect physical memory. Thus, for example, whenguest software attempts to access the x86 page tables of the virtualmachine, the VMM must overlay functionality required for virtualization(e.g., remapping physical addresses) onto the functionality required bythe guest OS.

To this end, the VMM must trap a variety of events surrounding the useof the paging mechanism by the guest software. This includes writes tocontrol registers such as control registers of the x86 memory managementsystem (e.g., CR0, CR3 and C4), accesses to model-specific registers(MSRs) associated with paging and memory access (e.g., memory-type rangeregisters (MTRRs)), handling certain exceptions (e.g., page faults), asdescribed in the x86 documentation. This use of the x86 page tables tovirtualize physical memory is complex and exacts a significantperformance overhead.

FIG. 3: FIG. 3 illustrates one embodiment of a virtual-machineenvironment 300. In this embodiment, a processor-based platform 316 mayexecute a VMM 312. The VMM, though typically implemented in software,may emulate and export a virtual bare machine interface to higher levelsoftware. Such higher level software may comprise a standard OS, a realtime OS, or may be a stripped-down environment with limited operatingsystem functionality and may not include OS facilities typicallyavailable in a standard OS in some embodiments. Alternatively, forexample, the VMM 312 may be run within, or using the services of,another VMM. VMMs may be implemented, for example, in hardware,software, firmware or by a combination of various techniques in someembodiments. In at least one embodiment, one or more components of theVMM may execute in one or more virtual machines and one or morecomponents of the VMM may execute on the bare platform hardware asdepicted in FIG. 3. The components of the VMM executing directly on thebare platform hardware are referred to herein as host components of theVMM.

The platform hardware 316 may be a personal computer (PC), server,mainframe, handheld device such as a personal digital assistant (PDA) or“smart” mobile phone, portable computer, set top box, or anotherprocessor-based system. The platform hardware 316 includes at least aprocessor 318 and memory 320. Processor 318 may be any type of processorcapable of executing programs, such as a microprocessor, digital signalprocessor, microcontroller, or the like. The processor may includemicrocode, programmable logic or hard coded logic for execution inembodiments. Although FIG. 3 shows only one such processor 318, theremay be one or more processors in the system in an embodiment.Additionally, processor 318 may include multiple cores, support formultiple threads, or the like. Memory 320 can comprise a hard disk, afloppy disk, random access memory (RAM), read only memory (ROM), flashmemory, any combination of the above devices, or any other type ofmachine medium readable by processor 318 in various embodiments. Memory320 may store instructions and/or data for performing program executionand other method embodiments. In some embodiments, some elements of theinvention may be implemented in other system components, e.g., in theplatform chipset or in the system's one or more memory controllers.

The VMM 312 presents to guest software an abstraction of one or morevirtual machines, which may provide the same or different abstractionsto the various guests. FIG. 3 shows two virtual machines, 302 and 314.Guest software such as guest software 303 and 313 running on eachvirtual machine may include a guest OS such as a guest OS 304 or 306 andvarious guest software applications 308 and 310. Guest software 303 and313 may access physical resources (e.g., processor registers, memory andI/O devices) within the virtual machines on which the guest software 303and 313 is running and to perform other functions. For example, theguest software 303 and 313 expects to have access to all registers,caches, structures, I/O devices, memory and the like, according to thearchitecture of the processor and platform presented in the virtualmachine 302 and 314.

In one embodiment, the processor 318 controls the operation of thevirtual machines 302 and 314 in accordance with data stored in a virtualmachine control structure (VMCS) 324. The VMCS 324 is a structure thatmay contain state of guest software 303 and 313, state of the VMM 312,execution control information indicating how the VMM 312 wishes tocontrol operation of guest software 303 and 313, information controllingtransitions between the VMM 312 and a virtual machine, etc. Theprocessor 318 reads information from the VMCS 324 to determine theexecution environment of the virtual machine and to constrain itsbehavior. In one embodiment, the VMCS 324 is stored in memory 320. Insome embodiments, multiple VMCS structures are used to support CPUswithin one or more virtual multiple virtual machines.

The VMM 312 may need to manage the physical memory accessible by guestsoftware running in the virtual machines 302 and 314. To supportphysical memory management in one embodiment, the processor 318 providesan extended page table (EPT) mechanism. In the embodiment, the VMM 312may include a physical memory management module 326 that provides valuesfor fields associated with physical memory virtualization that may needto be provided before transition of control to the virtual machine 302or 314. These fields are collectively referred to as EPT controls. EPTcontrols may include, for example, an EPT enable indicator specifyingwhether the EPT mechanism should be enabled and one or more EPT tableconfiguration controls indicating the form and semantics of the physicalmemory virtualization mechanism. These will be discussed in detailbelow. Additionally, in one embodiment, EPT tables 328 indicate thephysical address translation and protection semantics which the VMM 312may place on guest software 303 and 313.

In one embodiment, the EPT controls are stored in the VMCS 324.Alternatively, the EPT controls may reside in a processor 318, acombination of the memory 320 and the processor 318, or in any otherstorage location or locations. In one embodiment, separate EPT controlsare maintained for each of the virtual machines 302 and 314.Alternatively, the same EPT controls are maintained for both virtualmachines and are updated by the VMM 312 before each virtual machineentry.

In one embodiment, the EPT tables 328 are stored in memory 320.Alternatively, the EPT tables 328 may reside in the processor 318, acombination of the memory 320 and the processor 318, or in any otherstorage location or locations. In one embodiment, separate EPT tables328 are maintained for each of the virtual machines 302 and 314.Alternatively, the same EPT tables 328 are maintained for both virtualmachines 302 and 314 and are updated by the VMM 312 before each virtualmachine entry.

In one embodiment, the processor 318 includes EPT access logic 322 thatis responsible for determining whether the EPT mechanism is enabledbased on the EPT enable indicator. If the EPT mechanism is enabled, theprocessor translates guest-physical addresses to host-physicaladdresses-based on the EPT controls and EPT tables 328.

In the embodiment depicted, the processor may further include atranslation lookaside buffer (TLB) 323 to cache linear toguest-physical, guest-physical to host-physical address and linear tohost-physical translations. Linear to guest-physical and linear tohost-physical translations are referred to herein as “lineartranslations’. Guest-physical to host-physical and linear tohost-physical translations are referred to herein as “physicaltranslations”.

In one embodiment, in which the system 300 includes multiple processorsor multi-threaded processors, each of the logical processors isassociated with a separate EPT access logic 322, and the VMM 312configures the EPT tables 328 and EPT controls for each of the logicalprocessors.

Resources that can be accessed by guest software (e.g., 303, includingguest OS 304 and application 308) may either be classified as“privileged” or “non-privileged.” For privileged resources, the VMM 312facilitates functionality desired by guest software while retainingultimate control over these privileged resources. Further, each guestsoftware 303 and 313 expects to handle various platform events such asexceptions (e.g., page faults, general protection faults, etc.),interrupts (e.g., hardware interrupts, software interrupts), andplatform events (e.g., initialization (INIT) and system managementinterrupts (SMIs)). Some of these platform events are “privileged”because they must be handled by the VMM 312 to ensure proper operationof virtual machines 302 and 314 and for protection from and among guestsoftware. Both guest operating system and guest applications may attemptto access privileged resources and both may cause or experienceprivileged events. Privileged platform events and access attempts toprivileged resources are collectively referred to as “privileged events”or “virtualization events” herein.

FIG. 3 a: FIG. 3 a depicts at a high level some block level features ofprocessor 318 in the embodiment of FIG. 3. In general, a processor suchas the one depicted in FIG. 3 at 318 may include a processor bus orbuses such as the one indicated at 337 in FIG. 3 a. Furthermore, asdepicted in FIG. 3 a, a processor may include registers 350 in one ormultiple banks, and each register may have the capacity to store 32, 64,128 or another number of bits of data as is known. Each register bankmay further have several registers, such as e.g. 8, 32, 64 registers.Some registers may be dedicated to control and status use for example tostore the CR bits as in an x86 embodiment. In other embodiments, othercontrol registers and flags may be stored in the processor to allowdifferent modes of operation and status checking as is known in the art.In general a processor such as the one depicted in the embodiment ofFIG. 3 would include logic or logic circuitry 330 to fetch instructionsand data from memory, cache or other storage; logic or logic circuitryto decode instructions and execution units such as 334 to perform theinstructions. Many variations on these functional units are possible,e.g. execution in the execution unit may be pipelined; or includespeculation, and branch prediction; or have other features as related toa particular processor or application. Other functional logic 365 may bepresent in the processor such as logic for arithmetic, graphicsprocessing, and many other specific functions of the processor as isknown. An on-board cache 360 may be present in some embodiments. Thiscache may have various sizes such as 128 MB, 1 GB, etc. as is known Aspreviously indicated with reference to FIG. 3, the processor 318includes EPT access logic 322 and TLB 323. The EPT access logic mayinclude in one embodiment logic to populate, control and mange the EPT;and the TLB is generally a buffer including mappings from page tablesthat are cached for efficiency and other purposes within the processor.

FIG. 4: FIG. 4 shows one example of processing using the extended pagetables introduced above to ultimately compute a host-physical addresswhen guest software in a virtual machine references a guest virtualaddress. The example depicted shows guest software running in an x86platform using simple 32-bit virtual addressing and simple page tableformats. One skilled in the art will easily be able to extend thisexample to understand, for example, other paging modes (e.g., 64-bitaddressing in the guest software), other instruction set architectures(e.g., The Intel Itanium® Architecture, 64-bit and other variations ofthe x86 architecture, the PowerPC® Architecture, among many others, andto other configurations.

In FIG. 4 a reference to a guest virtual address 410 is executed byguest software executing in a virtual machine. The memory managementmechanism active in the guest (i.e., configured by the guest operatingsystem) is used to translate the virtual address to a guest-physicaladdress. Each guest-physical address used in the translation, and theresulting guest-physical address, are translated to host-physicaladdresses through EPT before accessing the host-physical memory. Thisprocess is detailed in the following discussion.

In this example, the appropriate bits 402 in the CR3 register 420 pointto the base of the guest's page directory table 460 in guest-physicalmemory. This value 402 is combined with the upper bits from the guestvirtual address 410 (appropriately adjusted, according to x86 semanticsby multiplying by 4 because, in this example, the entries in the tablesare 4 bytes each) to form the guest-physical address 412 of the pagedirectory entry (PDE) in the guest's PD table 460. This value 412 istranslated through the EPT tables 455 to form the host-physical address404 of the page directory entry. The processor accesses the pagedirectory entry using this host-physical address 404.

Information from the PDE includes the base address 422 of the guest'spage table 470. This guest-physical address 422 is combined with bits21:12 of the guest virtual address 410 appropriately adjusted to formthe guest-physical address 432 of the page table entry in the guest'spage table 470. This guest-physical address 432 is translated throughthe EPT tables 465 to form the host-physical address 414 of the guest'spage table entry (PTE). The processor accesses the PTE using thishost-physical address 414.

Information from the PTE includes the base address 442 of the page inguest-physical memory being accessed. This value is combined with thelow-order bits (11:0) of the guest virtual address 410 to form theguest-physical address 452 of the memory being accessed. This value 452is translated through the EPT tables 475 to form the host-physicaladdress 424 of the memory being accessed.

Each time the EPT tables are used to translate a guest-physical addressto a host-physical address, the processor also validates that the accessis permitted according to controls in the EPT tables, as will bedescribed below. Additionally, it must be understood that the EPT tables455, 465, and 475, though indicated as distinct in FIG. 4 may, in oneembodiment, be the same set of EPT tables (i.e., a single set of EPTtables is used for all address translations from guest-physical tohost-physical).

In a typical implementation of linear memory support in aprocessor-based system, mappings from linear addresses to physicaladdresses that are stored in a page table structure may be cached forefficiency reasons in a translation look-aside buffer (TLB).Instructions may be included in a processor instruction set to managethe TLB and to allow a program executing in the processor based systemto ensure that a particular entry in the TLB is synchronized with a pagetable entry. Thus for example, in the x86 architecture, the MOV CRinstruction may cause a global invalidation of all TLB entries, and thusa resynchronization of the entries as addresses are accessed.Alternatively, in the x86 example, a INVLPG instruction may be used toinvalidate a mapping stored in the TLB for a specific linear address,causing the entry in the TLB to be updated and synchronized with themapping in the page table.

In one embodiment, including a virtualized system that incorporates anextended paging table (EPT) as discussed above, a TLB may cache guestlinear to host physical address translations for processes executing inguest machine memory; and host linear to host physical mappings forprocesses such as the VMM executing directly on the host machine, asdiscussed previously with reference to FIG. 3 at 323. In the formercase, the guest linear to host physical mappings may be derived bothfrom page tables in the guest as well as from the EPT; in the lattercase, the mappings may be derived from the host page tables. Anadditional type of mapping may also be stored in the TLB: a mappingdirectly derived from guest physical to host physical memory based onthe mappings stored in the EPT.

In one embodiment, a new command is added to the processor instructionset. In this embodiment, the new command INVL_EPT provides programsexecuting directly on the host machine of a virtualized system, such asthe VMM, with a way to manage TLB entries derived from guest-physical tohost-physical mappings. Specifically, in this embodiment, the INVL_EPTinstruction ensures that guest-physical to host-physical and linear tohost physical mappings in the TLB are synchronized with EPT tables thatreside in host memory, and to specify the extent of synchronization, theEPT context, and where relevant, the guest physical memory address forwhich mappings are to be synchronized. A context generally speakingdefines a portion of the address space of a system. For guest-physicalto host-physical mappings, the EPT context is defined by the currentlyactive EPT table, which in turn is referenced by a register in thisembodiment, termed the EPT Pointer, or the EPTP

In this embodiment, the INVL_EPT instruction has three operands, first avalue, for an instruction mode or variant specification; a secondoperand, a value specifying the EPT pointer, which is equivalent to theEPT context in which the INVL_EPT instruction is to execute; and a thirdoperand, a value specifying the guest physical address associated withthe TLB entries to be invalidated. In this embodiment, the first operandis provided as an 8 bit immediate value, and the second and thirdoperand are provided as a block in memory, each occupying 64 bits. Otherembodiments are possible. For example, the operands may be provided inregisters or other memory locations either explicitly or implicitly.

The first operand in this embodiment is a switch or flag with at leastthree defined values, and thus specifying that the INVL_EPT instructionis to execute in one of three possible modes:

1. Individual Address mode: in this mode, physical translations in theTLB associated with a single guest physical address are synchronized tothe EPT, based on the mappings for that address in the EPT referenced bythe context provided in the second operand as described above.

2. Context mode: in this mode, the guest address parameter (thirdoperand as described above) is ignored, and those entries in the TLB inthe EPT context specified in the second operand as described above, aresynchronized with the EPT.

3. Global mode: in this mode, both the guest address parameter and theEPT context parameters are ignored and TLB entries derived from any EPTcontext are synchronized.

FIG. 5. The flowchart of FIG. 5 depicts the execution of the INVL_EPTinstruction in one embodiment. The execution begins at 500. First, theprocessor may conduct a number of tests to ensure that the currentexecution environment is valid for EPT related operations, at 505. Thesetests may include a test to ensure that the system is in a virtualizedmode of operation; that paging is enabled; and that there are no currenterror states, among others. If the execution environment is not valid,the instruction may either exit to an undefined state, generate ageneral protection fault, generate an undefined opcode fault or the likevia 555 and 560. If the execution environment is valid, the instructionexecution then reads, in this embodiment, an immediate 8 bit operand at510. This operand termed SYNC_CMD is expected to represent a valid modefor the INVL_EPT instruction as detailed above. If the operand is notvalid, at 515, the instruction exits as before to 555 and 560. If theoperand is valid, execution then proceeds to read the second and thirdoperands from memory, 520, and as discussed previously, the operands areexpected to be at a 128 bit block in memory at a reference labeledINVLEPT_DESC in the figure. The first 64 bits in this embodiment are theEPT context, or the EPT table pointer and are extracted as EPTP_CTX at525; the next 64 bits are the guest-physical address parameter for theinstruction, extracted as GP_ADDR at 530.

The execution of the instruction then proceeds to execute the actualsynchronization depending on the value of the SYNC_CMD operand in theflow of execution depicted at 535 to 580. As described previously,SYNC_CMD may be either be an indication to perform a globalsynchronization of the TLB based on all EPT contexts; or an indicationto perform a synchronization of only the EPT context specified by anoperand of the instruction; or finally, to perform a synchronization ofonly the guest-physical address passed as a parameter in the EPT contextprovided as a parameter. In this embodiment, as shown in the executionflow in FIG. 5, a check for the SYNC_CMD value being takes place at 535;the second at 540; and the third at 545. At 535, if the value ofSYNC_CMD indicates global synchronization, the instruction executes tosynchronize all physical mappings for all EPT contexts, and execution iscomplete, 580. Otherwise, if SYNC_CMD indicates context specificsynchronization at 540, execution then proceeds to check if the providedEPTP_CTX value is valid. If it is not, because, for instance, a reservedbit is set in the value or the address in the EPTP is invalid, executionof the instruction terminates with a General Protection Fault, 555 and560. If the context provided is valid, execution continues,synchronizing all physical mappings for the EPT context referenced byEPTP_CTX at 575, and then completes 580.

If SYNC_CMD is neither global nor context wide synchronization, and isalso a valid mode of operation, the only remaining possibility in thisembodiment is for the command to synchronize a specific guest physicaladdress. Execution then checks if the GP_ADDR parameter provided at 545is valid. If an invalid address is provided, execution exits at 555 and560 with a general protection fault. Otherwise, all physical mappingsassociated with the provided guest physical address GP_ADDR aresynchronized with the EPT referenced by the context provided in EPTP_CTXat 550, and execution completes, 580.

It will be clear to one of ordinary skill in the art that the abovedescribed embodiments may be varied widely. In some embodiments, acommand equivalent to INVL_EPT may be available, but may have adifferent syntax, including a name, the number, format, and size ofparameters, among others. As is known, different instruction setarchitectures (ISA) exist, and a similar command may be provided for adifferent ISA with format and other characteristics consistent with thatISA. For one example, an instruction to invalidate and/or synchronize aTLB with an EPT for a processor based on the Intel® Itanium Architecturemay readily be visualized and described based on the descriptions of theembodiments provided above by one of ordinary skill in the art; as mightinstructions for any other ISA.

The discussion relating to EPT context in the embodiments referencedabove should not be seen as limiting. In other embodiments, there may beonly one instance of an EPT, in others, several instances may beoperational as discussed in the x86 instance, with a reference mechanismsuch as a reference register or pointer akin to the EPTP discussedabove.

In other embodiments, the number and format of parameters may vary. Forexample, in the above described embodiments, the INVL_EPT instructionhas one immediate and two memory based operands. In other embodiments,more immediate operands may be used; in others all operands may bememory based; in yet other embodiments, operands may be read fromregisters or other stores within the processor, among many othervariations that are known.

The above described embodiments are described with reference to threemodes of operation for the INVL_EPT instruction. In other embodiments,some or all of these modes may be missing; in others, more modes may beavailable. For instance, in some embodiments, there may be no mode forindividual address invalidation, and in such a mode, all TLB entrieswould be synchronized. In some embodiments, there may be only oneinstance of an EPT operating in the system, and in such embodiments, thecontext mode may be unnecessary. Alternatively, in some embodiments,only individual address synchronization may be available; or in others,only global address synchronization may be used, making the firstoperand as described with reference to INVL_EPT unnecessary.

While these variations on the instruction and its operation arepossible, many others may readily be envisaged by one of ordinary skillin the art, including variations where the general effect of theINVL_EPT instruction is obtained by a combination of other instructions,among many others.

In the preceding description, for purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of the described embodiments, however, one skilled in theart will appreciate that many other embodiments may be practiced withoutthese specific details.

Some portions of the detailed description above are presented in termsof algorithms and symbolic representations of operations on data bitswithin a processor-based system. These algorithmic descriptions andrepresentations are the means used by those skilled in the art to mosteffectively convey the substance of their work to others in the art. Theoperations are those requiring physical manipulations of physicalquantities. These quantities may take the form of electrical, magnetic,optical or other physical signals capable of being stored, transferred,combined, compared, and otherwise manipulated. It has proven convenientat times, principally for reasons of common usage, to refer to thesesignals as bits, values, elements, symbols, characters, terms, numbers,or the like.

It should be borne in mind, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to these quantities. Unlessspecifically stated otherwise as apparent from the description, termssuch as “executing” or “processing” or “computing” or “calculating” or“determining” or the like, may refer to the action and processes of aprocessor-based system, or similar electronic computing device, thatmanipulates and transforms data represented as physical quantitieswithin the processor-based system's storage into other data similarlyrepresented or other such information storage, transmission or displaydevices.

In the description of the embodiments, reference may be made toaccompanying drawings. In the drawings, like numerals describesubstantially similar components throughout the several views. Otherembodiments may be utilized and structural, logical, and electricalchanges may be made. Moreover, it is to be understood that the variousembodiments, although different, are not necessarily mutually exclusive.For example, a particular feature, structure, or characteristicdescribed in one embodiment may be included within other embodiments.

Further, a design of an embodiment that is implemented in a processormay go through various stages, from creation to simulation tofabrication. Data representing a design may represent the design in anumber of manners. First, as is useful in simulations, the hardware maybe represented using a hardware description language or anotherfunctional description language. Additionally, a circuit level modelwith logic and/or transistor gates may be produced at some stages of thedesign process. Furthermore, most designs, at some stage, reach a levelof data representing the physical placement of various devices in thehardware model. In the case where conventional semiconductor fabricationtechniques are used, data representing a hardware model may be the dataspecifying the presence or absence of various features on different masklayers for masks used to produce the integrated circuit. In anyrepresentation of the design, the data may be stored in any form of amachine-readable medium. An optical or electrical wave modulated orotherwise generated to transmit such information, a memory, or amagnetic or optical storage such as a disc may be the machine readablemedium. Any of these mediums may “carry” or “indicate” the design orsoftware information. When an electrical carrier wave indicating orcarrying the code or design is transmitted, to the extent that copying,buffering, or re-transmission of the electrical signal is performed, anew copy is made. Thus, a communication provider or a network providermay make copies of an article (a carrier wave) that constitute orrepresent an embodiment.

Embodiments may be provided as a program product that may include amachine-readable medium having stored thereon data which when accessedby a machine may cause the machine to perform a process according to theclaimed subject matter. The machine-readable medium may include, but isnot limited to, floppy diskettes, optical disks, DVD-ROM disks, DVD-RAMdisks, DVD-RW disks, DVD+RW disks, CD-R disks, CD-RW disks, CD-ROMdisks, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnet oroptical cards, flash memory, or other type of media/machine-readablemedium suitable for storing electronic instructions. Moreover,embodiments may also be downloaded as a program product, wherein theprogram may be transferred from a remote data source to a requestingdevice by way of data signals embodied in a carrier wave or otherpropagation medium via a communication link (e.g., a modem or networkconnection).

Many of the methods are described in their most basic form but steps canbe added to or deleted from any of the methods and information can beadded or subtracted from any of the described messages without departingfrom the basic scope of the claimed subject matter. It will be apparentto those skilled in the art that many further modifications andadaptations can be made. The particular embodiments are not provided tolimit the claimed subject matter but to illustrate it. The scope of theclaimed subject matter is not to be determined by the specific examplesprovided above but only by the claims below.

What is claimed is:
 1. A system comprising: a flash memory to storeinstructions and data for performing program execution; a random accessmemory; and a multi-core processor coupled to the flash memory and therandom access memory, the multi-core processor comprising: a firstregister to reference a set of page tables, the set of page tables toprovide a mapping of guest virtual addresses to guest physicaladdresses; a second register to reference a set of extended page tablesto provide a mapping of guest physical addresses to host physicaladdresses; access logic to determine whether use of the set of extendedpage tables is enabled; address translation logic to access the set ofpage tables and the set of extended page tables to translate a guestvirtual address to a guest physical address and to translate the guestphysical address to a host physical address in response to a memoryaccess request including the guest virtual address; a translationlook-aside buffer (TLB) to cache guest virtual address to guest physicaladdress translations and guest physical address to host physical addresstranslations in corresponding TLB entries; execution logic, in responseto a TLB invalidate instruction, to invalidate a TLB entry associatedwith a guest physical address to host physical address translation, theTLB invalidate instruction to specify the guest physical address in anoperand of the TLB invalidate instruction.
 2. The system of claim 1,wherein the system is a smart phone.
 3. The system of claim 1, whereinthe multi-core processor further comprises graphics processing logic. 4.The system of claim 1, wherein the processor is to maintain separatesets of extended page tables for each of one or more virtual machines ona host machine.
 5. The system of claim 1, wherein the execution logic,in response to a global TLB invalidate instruction, is to invalidate TLBentries associated with guest virtual address to guest physical addresstranslations and thereby enable resynchronization of the TLB entries asaddresses are accessed.
 6. The system of claim 1, wherein the TLBinvalidate instruction is a first TLB invalidate instruction, andwherein the execution logic, in response to a second TLB invalidateinstruction, is to invalidate a TLB entry associated with a guestvirtual address to guest physical address translation for a particularguest virtual address, the second TLB invalidate instruction to specifythe particular guest virtual address in an operand of the second TLBinvalidate instruction.
 7. The system of claim 1, wherein the executionlogic, in response to the TLB invalidate instruction, is to synchronizethe TLB entry associated with a guest physical address to host physicaladdress translation.